Introduction: Hypervisors

Credits:
• P. Chaganti – Xen Virtualization – A practical handbook
• D. Chisnall – The definitive guide to Xen Hypervisor
• G. Kesden – Lect. 25, CS 15-440
• G. Heiser – UNSW/NICTA/OKL

Introduction
• Virtualization is a technique of partitioning the resources of a single computing platform into multiple segregated, virtualized execution environments.
• Each environment runs independently of the others, thus allowing multiple operating systems to run on the same hardware.

Introduction
• The concept of virtualization is already present in every-day computing: most modern operating systems contain a simplified form of virtualization.
• Each running process is able to act as if it were the only thing running; the CPUs and the memory are virtualized.

Introduction
• Each execution environment is called a guest, and the computing platform on which the guests execute is called the host.
• The software enabling these multiple execution environments is commonly referred to as a Hypervisor or Virtual Machine Monitor (VMM).
• The Hypervisor runs on the host and acts as a bridge between the host and the guests.

Introduction
• Virtualization of the CPU: if a process tries to consume all of the CPU, a modern operating system will preempt it and allow other processes to execute.
• Virtualization of the memory: a running process typically has its own virtual address space, which the operating system maps to physical memory to give the process the illusion that it is the only user of RAM.
Mixed OS Environment
• Multiple VMs can be implemented on a single hardware platform to provide individuals or user groups with their own OS environments.
[Figure (G. Kesden): VM1 … VM5 running Linux Red Hat, Solaris 10, XP, Vista and Mac OS on top of the Hypervisor, which runs on the Hardware]

Mixed OS Environment
• Virtualization implies a two-level hierarchical scheduling framework.
[Figure (G. Kesden): VM1 … VM5 (Linux Red Hat, Solaris 10, XP, Vista, Mac OS), each with its own Local Scheduler, on top of the Hypervisor's Global Scheduler, which runs on the Hardware]

Benefits of Virtualization
• Multiple Secure Environment: a system VM provides a sandbox that isolates one system environment from other environments.
• Failure Isolation: virtualization helps isolate the effects of a failure to the VM where the failure occurred.
• Mixed-OS Environment: a single hardware platform can support multiple operating systems concurrently.
• Better System Utilization: a virtualized system can be (dynamically or statically) re-configured for changing needs.
[Figure: G. Kesden]

Virtualization Properties
1. Isolation
  • Fault Isolation
  • Software Isolation
  • Performance Isolation
  • Security (accomplished through scheduling and resource allocation)
2. Encapsulation
  • All VM state can be captured into a file (i.e., you can operate on a VM by operating on a file: cp, rm)
  • Complexity is proportional to the virtual HW model and independent of the guest software configuration
3. Interposition
  • All guest actions go through the virtualizing software, which can inspect, modify, and deny operations
[Figure: G. Kesden]

Methodologies
Three main methodologies are used for providing virtualization:
• System Emulation – all the hardware resources are emulated.
  • The guest operating system can be run without any modification;
  • It uses the hardware resources through the hardware emulation layer;
  • The VMM executes the CPU instructions that need more privileges than are available in user space.

Methodologies
• Paravirtualization – no hardware emulation.
  • The operating system that runs on a guest needs to be a modified version that is aware of the fact that it is running inside a hypervisor;
  • Fewer privileged CPU instructions need to be executed (and therefore trapped and handled by the VMM);
  • Higher performance with respect to emulation, closer to native speed.
Methodologies
• OS Level Virtualization – each guest is isolated and runs in a secure environment.
  • Only multiple instances of guests that run the same operating system (kernel) as the host;
  • Close to sandboxes;
  • Low run-time overhead.
  • E.g., FreeBSD Jails, Solaris Zones

Types of Hypervisor
Gerald J. Popek and Robert P. Goldberg – "Formal Requirements for Virtualizable Third Generation Architectures", 1974
• Type 1: native (bare-metal) hypervisors
  • The Hypervisor runs directly on the host's hardware to control the hardware and to manage the guest operating systems.
  • E.g., Xen, VMware ESXi, Microsoft Hyper-V
• Type 2: hosted hypervisors
  • These hypervisors run on a conventional operating system just as other computer programs do.
  • E.g., VMware Workstation, VirtualBox

Types of Hypervisor
[Figure (G. Heiser): Type-1 (bare-metal): OS | OS | OS above the Hypervisor, which runs directly on the Hardware. Type-2 (hosted): OS | OS | OS above the Hypervisor, which runs on a host OS above the Hardware]

Implementation: "Trap and Emulate"
• An exception (trap) is raised when the guest OS executes a privileged instruction (e.g., one that accesses a physical resource);
• The exception handler invokes the hypervisor code, which emulates the instruction on the guest's virtual state and then resumes the guest.

Implementation: "Trap and Emulate"
Popek and Goldberg, 1974:
"For any conventional third-generation computer, an effective VMM may be constructed if the set of sensitive instructions for that computer is a subset of the set of privileged instructions."
[Figure: G. Heiser]

Implementation: "Trap and Emulate"
Popek and Goldberg, 1974 – in other words…
• It is sufficient that all the instructions that could affect the correct functioning of the VMM (sensitive instructions) always trap and pass control to the VMM.
[Figure: G. Heiser]
Implementation: "Trap and Emulate"
• Most common architectures are not virtualizable according to the definition of Popek and Goldberg.
• x86 – lots of unvirtualizable features
  • E.g., PUSH of the PSW (Processor State Word) is not privileged: on x86, PUSHF pushes EFLAGS, including the interrupt-enable flag, without trapping, so a deprivileged guest can observe the real machine state instead of the state the VMM wants it to see.
• MIPS – mostly virtualizable, but…
  • Kernel registers k0, k1 (needed to save/restore state) are user-accessible
• ARM – mostly virtualizable, but…
  • Some instructions are undefined in user mode (this concerns ARM before its hardware Virtualization Extensions)

Implementation: "Impure Virtualization"
• Change the Guest OS code, replacing the sensitive instructions:
  • Paravirtualization – sensitive instructions are replaced by explicit calls into the hypervisor (hypercalls)
  • Binary translation – in-line code emulation
[Figure: Hypercall]

Embedded Systems
• Virtualization was historically used for easier sharing of expensive mainframes.
• It went out of fashion in the 1980s and was resurrected in recent years for improved isolation in modern computing systems.
• Why virtualization for Embedded Systems?

Embedded Systems: License Separation
• System composed of Linux + proprietary SW (not open-source)
• VMs can be used to isolate Linux

Embedded Systems: Software-Architecture Abstraction
• Support for product series: same software running on different hardware;
• Decoupling from the real hardware.
• Benefits: time-to-market; engineering cost.

Embedded Systems: Certification Issues
• Encapsulation of a safety-critical subsystem that can be certified independently of the other subsystems running on the same platform
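The following C program is an added example, not code from these slides or from any of the credited sources; it models the two "Trap and Emulate" and "Impure Virtualization" slides above. It assumes a toy instruction set (CLI, STI, PUSHF, a hypercall replacement for PUSHF, and an innocuous ADD) and a single piece of machine state, the interrupt-enable flag IF; none of this is real x86 or Xen code. It shows the Popek-Goldberg check (is every sensitive instruction privileged?), why an unmodified guest gets a wrong answer from the x86-like PUSHF that does not trap, and how the paravirtual replacement with a hypercall restores a consistent view.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed toy model, not real x86 and not Xen code: a guest OS demoted to
 * user mode under a trap-and-emulate VMM.  The VMM keeps the physical IF
 * set (it must keep receiving interrupts) and records the guest's view. */

enum op {
    OP_CLI,      /* clear IF: privileged, traps in user mode                */
    OP_STI,      /* set IF: privileged, traps in user mode                  */
    OP_PUSHF,    /* push flags: observes IF but is NOT privileged (x86-like) */
    OP_HC_PUSHF, /* paravirtual replacement: hypercall into the VMM          */
    OP_ADD       /* innocuous: neither sensitive nor privileged              */
};

struct insn_class { enum op op; bool sensitive; bool privileged; };

/* x86-like classification: PUSHF is sensitive (reads VMM-controlled state)
 * yet does not trap, so "sensitive" is not a subset of "privileged". */
static const struct insn_class X86_LIKE[] = {
    { OP_CLI,   true,  true  },
    { OP_STI,   true,  true  },
    { OP_PUSHF, true,  false },
    { OP_ADD,   false, false },
};

/* Same set without the offending instruction: virtualizable. */
static const struct insn_class CLEAN_SET[] = {
    { OP_CLI,   true,  true  },
    { OP_STI,   true,  true  },
    { OP_ADD,   false, false },
};

/* Popek-Goldberg sufficient condition: every sensitive instruction is
 * privileged, i.e. it traps when executed by the deprivileged guest. */
bool popek_goldberg_holds(const struct insn_class *set, int n)
{
    for (int i = 0; i < n; i++)
        if (set[i].sensitive && !set[i].privileged)
            return false;
    return true;
}

struct machine {
    bool hw_iflag;    /* physical IF, owned by the VMM                 */
    bool guest_iflag; /* VMM's record of what the guest believes IF is */
};

/* Run a guest program; return the IF value the guest last observed
 * (through PUSHF or its hypercall replacement), or -1 if it never looked. */
static int run_guest(const enum op *prog, int n, struct machine *m)
{
    int observed = -1;
    for (int i = 0; i < n; i++) {
        switch (prog[i]) {
        case OP_CLI:
        case OP_STI:
            /* Trap: the VMM emulates on the guest's virtual flag and
             * leaves the physical IF alone. */
            m->guest_iflag = (prog[i] == OP_STI);
            break;
        case OP_PUSHF:
            /* No trap: executes on the real CPU and reads the physical IF. */
            observed = m->hw_iflag;
            break;
        case OP_HC_PUSHF:
            /* Paravirtualised guest asks the VMM for its virtual IF. */
            observed = m->guest_iflag;
            break;
        case OP_ADD:
            break;
        }
    }
    return observed;
}

/* Unmodified guest: CLI, then PUSHF.  On bare metal it would see IF = 0. */
int pure_guest_observes_iflag(void)
{
    struct machine m = { .hw_iflag = true, .guest_iflag = true };
    const enum op prog[] = { OP_CLI, OP_ADD, OP_PUSHF };
    return run_guest(prog, 3, &m);
}

/* Paravirtualised guest: the sensitive PUSHF was replaced by a hypercall. */
int paravirt_guest_observes_iflag(void)
{
    struct machine m = { .hw_iflag = true, .guest_iflag = true };
    const enum op prog[] = { OP_CLI, OP_ADD, OP_HC_PUSHF };
    return run_guest(prog, 3, &m);
}

int main(void)
{
    printf("x86-like set virtualizable by trap-and-emulate: %s\n",
           popek_goldberg_holds(X86_LIKE, 4) ? "yes" : "no");
    printf("pure guest sees IF=%d after CLI (bare metal would show 0)\n",
           pure_guest_observes_iflag());
    printf("paravirtualised guest sees IF=%d after CLI\n",
           paravirt_guest_observes_iflag());
    return 0;
}
```

The pure guest believes it disabled interrupts, yet reads IF = 1, because the VMM never saw the PUSHF: that is exactly the failure the Popek-Goldberg condition rules out, and hardware-assisted virtualization (VT-x, AMD-V) removes it by making such instructions trap or by giving the guest a shadowed flags register.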
Embedded Systems: Automotive Case-Study
• Proliferation of ECUs: more than doubled in 10 years

Embedded Systems: Security
• Protection against exploits, e.g., software attacked through UI exploits.
• It is possible to compromise the core SW starting from an attack on the UI SW.
• Virtualization limits this kind of attack by separating the UI SW and the core SW into different VMs: compromising the UI VM does not by itself give control of the core VM. The separation is only as strong as the hypervisor and the interfaces the VMs share (devices, inter-VM communication), so those become the attack surface to protect.

Embedded Systems: Automotive Case-Study
• Trend: integration in fewer, more powerful ECUs

Embedded Systems: Automotive Case-Study
• Thanks to virtualization it is possible to re-use the complete software of a legacy ECU

The Xen Hypervisor
An Overview of The Xen Hypervisor

What is Xen?
"Xen is an open-source paravirtualization technology that provides a platform for running multiple operating systems in parallel on one physical hardware resource"
• Originally developed in 2003 at the University of Cambridge Computer Laboratory
The Xen Hypervisor
• Xen refers to each virtual machine that runs on a system as a domain.

The Xen Hypervisor
• When Xen boots up, it first starts the hypervisor, which is responsible for starting a domain named Domain0 (dom0), in which a specific host operating system runs.

The Xen Hypervisor
• Domain0 is a privileged domain that can access the hardware resources and can manage all the other domains (e.g., create, destroy, save, restore, etc.)
• Because of these powers, dom0 is part of the trusted computing base: a compromise of dom0 compromises every guest on the host.

The Xen Hypervisor
• An Unprivileged Domain (domU) guest is more restricted:
  • Typically not allowed to perform hypercalls that directly access the hardware;
  • Not able to manage other domains or the hypervisor configuration.

The Xen Hypervisor
• Xen is based on para-virtualization
• Requires modification of the guest OS:
  • Insertion of hypercalls to replace privileged instructions;
  • Time virtualization;
  • …

The Xen Hypervisor
• Hardware-assisted virtualization
  • Newer processors have a set of instructions that makes virtualization easier
  • x86: Intel VT-x and AMD Pacifica (AMD-V)
  • The CPU provides traps for certain privileged instructions;
  • Enables guest OSes to be run without paravirtualization modifications (e.g., old OSes like Windows XP)
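As an added example (not Xen's own code and not from the slides), the C program below models the dom0/domU privilege split described above as a hypercall dispatcher. The hypercall names, the `struct domain` fields and the errno codes chosen are the model's assumptions; the point it demonstrates is the one the slides make: hypercalls are the single interposition point, the hypervisor decides from the identity of the domain that trapped in (held in its own domain structure), and an unprivileged domain is refused hardware access and domain management no matter what arguments it supplies.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed toy model of Xen's control-domain privilege, not Xen's code.
 * The caller's identity comes from the trap context; 'target' is a
 * guest-supplied argument and is never used for authorisation. */

#define MAX_DOMAINS 4

typedef unsigned int domid_t;

struct domain {
    domid_t id;
    bool    is_privileged;  /* set by the hypervisor when it builds dom0 at boot */
    bool    alive;
};

struct hypervisor {
    struct domain doms[MAX_DOMAINS];
    int hw_ops;             /* direct hardware operations performed so far */
};

enum hypercall {
    HC_SET_TIMER,       /* program the caller's own virtual timer: any domain */
    HC_PHYSDEV_OP,      /* touch physical hardware: control domain only       */
    HC_DOMCTL_DESTROY   /* manage another domain: control domain only         */
};

/* Hypercalls that only the privileged (control) domain may issue. */
static bool requires_privilege(enum hypercall hc)
{
    return hc == HC_PHYSDEV_OP || hc == HC_DOMCTL_DESTROY;
}

/* Dispatcher: returns 0 on success or a negative errno value. */
int do_hypercall(struct hypervisor *xen, const struct domain *caller,
                 enum hypercall hc, domid_t target)
{
    if (requires_privilege(hc) && !caller->is_privileged)
        return -EPERM;      /* a domU is refused here, whatever 'target' says */

    switch (hc) {
    case HC_SET_TIMER:
        return 0;
    case HC_PHYSDEV_OP:
        xen->hw_ops++;
        return 0;
    case HC_DOMCTL_DESTROY:
        if (target >= MAX_DOMAINS || !xen->doms[target].alive)
            return -ENOENT;
        xen->doms[target].alive = false;
        return 0;
    }
    return -EINVAL;
}

/* Boot: dom0 is the only privileged domain; dom1 and dom2 are guests. */
void boot(struct hypervisor *xen)
{
    for (domid_t i = 0; i < MAX_DOMAINS; i++)
        xen->doms[i] = (struct domain){ .id = i, .is_privileged = (i == 0),
                                        .alive = (i <= 2) };
    xen->hw_ops = 0;
}

/* Scenarios, each returning the hypercall result so it can be checked. */
int domu_destroys_other_domain(void)        /* dom1 tries to kill dom2 */
{
    struct hypervisor xen; boot(&xen);
    return do_hypercall(&xen, &xen.doms[1], HC_DOMCTL_DESTROY, 2);
}

int domu_touches_hardware(void)             /* dom1 tries a physdev op */
{
    struct hypervisor xen; boot(&xen);
    return do_hypercall(&xen, &xen.doms[1], HC_PHYSDEV_OP, 0);
}

int domu_sets_own_timer(void)               /* allowed for any domain */
{
    struct hypervisor xen; boot(&xen);
    return do_hypercall(&xen, &xen.doms[1], HC_SET_TIMER, 1);
}

int dom0_destroys_domu(bool *victim_alive)  /* dom0 kills dom2 */
{
    struct hypervisor xen; boot(&xen);
    int rc = do_hypercall(&xen, &xen.doms[0], HC_DOMCTL_DESTROY, 2);
    *victim_alive = xen.doms[2].alive;
    return rc;
}

int main(void)
{
    bool alive;
    printf("domU destroy other domain : %d (expect -EPERM)\n", domu_destroys_other_domain());
    printf("domU physdev op           : %d (expect -EPERM)\n", domu_touches_hardware());
    printf("domU set own timer        : %d (expect 0)\n", domu_sets_own_timer());
    printf("dom0 destroy domU         : %d, victim alive=%d\n",
           dom0_destroys_domu(&alive), alive);
    return 0;
}
```

The check sits in one place, before any operation-specific code runs, and keys on `caller->is_privileged`, which the guest cannot write. That is also why dom0's own security matters so much: a domain that passes this check can do anything the hypervisor can.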